<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div>I run PCBSD 9.1 and have a Warden jail setup.<br>
<br>
In that jail, which has its own local IP, 192.168.1.12, I have an Apache server.<br>
<br>
Normally when I connect the computer to a single router that is
connected to a modem, I set "nameserver 192.168.1.1", i.e. the router
LAN IP / gateway, in etc/resolv.conf on the jail and have no problems.<br>
<br>
Now I have added a 2nd router daisy chained from the primary router,
running a subnet (primary router has IP: 192.168.1.1 and secondary
router: 192.168.2.1).<br>
<br>
The computer running the jail is plugged into the secondary router.<br>
<br>
The problem is, the jail can't contact the internet. I can SSH into the
jail from the host but it takes a very long time to connect, like 15
seconds or so.<br>
<br>
I can't ping out of the jail either, even as root I get: ping: socket: Operation not permitted.<br>
<br>
Disabling the firewall has no effect.<br><br>The server responds to any connection from any computer connected to the 2nd router but it's slow.<br>
<br>
I've tried different IP addresses for "nameserver" but nothing works.
The resolv.conf file on the PCBSD host just lists the ISP's DNS servers.
Even changing the 2nd router's IP to 192.168.1.1 and the primary router
to 192.168.2.1 has no effect. I thought maybe the jails needed to be
on the same subnet.<br>
<br>
I have no problems using the internet from the host, just the jails.<br>
<br>
Any ideas why this happens and how to get around it? I've had this problem for years with different versions of FreeBSD.<br><br>I thought that jails just used the host's internet setup.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;">I posted this first on the PCBSD forum but got no response. I also posted on the FreeBSD networking forum and got this, which is a bit over my head:</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style:
normal;">---------------------------------------<br></div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;">Basically your jail is using the same routing as the rest of the machine. You have several options, though they may not all be supported in the PCBSD 9.1 jail system.<br><br>1/ you could use ipfw to do packet forwarding; this is what we used to do before we had #2 and #3.<br>2/ you can specify that the jail should use a different FIB (routing table); you should look up setfib(1) and setfib(2) and follow the 'see also' pointers as well.<br>3/ you can use VIMAGE and set up a jail with a completely separate network stack.</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br>Documentation for this is a bit hard to find but use the 'vnet' option
in jail(8) - look up VIMAGE and vnet in Google.<br>---------------------------------------</div><div style="color: rgb(0, 0, 0); font-size: 13.3333px; font-family: arial,helvetica,sans-serif; background-color: transparent; font-style: normal;"><br>Thanks,<br><br>Jeff</div></div></body></html>